Privacy Policy for The Library

Redia A/S
P.O. Pedersensvej 14E
8200 Aarhus N
DK
CVR number: 33048084

This is version 1, last updated on 10.06.2024 13:45.

 

Table of Contents

1. Introduction
2. Types of Personal Data Processed
3. Purpose of Processing Personal Data
4. Legal Basis for Processing Personal Data
5. Disclosure and Transfer of Personal Data
6. Deletion and Retention of Personal Data
7. Your Rights
8. Changes to This Policy
9. Contact Information

 

1. Introduction

1.1 This privacy policy ("Policy") describes how Redia A/S ("us", "we", or "our") collects and processes a range of personal data about you to enable you to use the app.

1.2 The Policy is formulated and made available to comply with the General Data Protection Regulation (2016/679 of April 27, 2016) ("GDPR") and its rules on the duty to inform.

 

2. Types of Personal Data Processed

2.1 We process personal data about you when it is relevant and in accordance with applicable law. Depending on the specific circumstances, this may include the following types of personal data:

  • Username
  • PIN code and/or password
  • Name
  • Email address
  • Phone number


2.2 We also process Patron ID.

2.3 Personal data is collected from external sources when relevant. Personal data is collected from the library system.

2.4 If we need to collect and process other personal data than those listed above, we will inform you at the time of collection. This may also be indicated by updating this Policy.

 

3. Purpose of Processing Personal Data

3.1 We process your personal data only for legitimate purposes in accordance with the GDPR. Personal data may, depending on the circumstances, be processed for the following purposes:

  • To deliver or offer services or products to users, customers, or members.
  • To deliver operational messages and information to users, customers, or members.

 

4. Legal Basis for Processing Personal Data

4.1 We process your personal data only if we have a legal basis for processing in accordance with the GDPR. The processing of personal data takes place, depending on the specific circumstances, on the basis of the following legal ground:

  • The processing is necessary for the pursuit of a legitimate interest where the data subject's interests or fundamental rights and freedoms requiring the protection of personal data do not override, pursuant to GDPR, Article 6(1)(f).

 

5. Disclosure and Transfer of Personal Data

5.1 We only disclose personal data to others when the law permits or requires it, including when relevant and at your and/or the data controller's specific request.

5.2 We disclose personal data to the following recipients from the EU/EEA:

  • Data processors

5.3 We generally use various external and professional organizations as suppliers and partners to deliver or help us deliver our services and products. External organizations will not receive or process personal data unless the law permits the transfer and processing of these.

If external organizations or partners are data processors for us, their processing of personal data will always be in accordance with a data processing agreement that meets the legal requirements for this. If external organizations or partners are independent data controllers, their processing of personal data will be in accordance with their own privacy, data security, or data protection policy, which the external organizations will inform you about unless the law states otherwise.

5.4 Personal data is not transferred to recipients in third countries. However, a cloud solution has been and continues to be used for hosting/storing personal data in the app solution with a U.S.-registered company. It has been agreed with the company that personal data will be stored in Europe, and the EU Commission's standard contractual clauses (SCC) apply to the processing of personal data in the cloud solution. Additionally, the supplementary measure taken to protect personal data in the Library app is that the data is highly encrypted.

5.5 You can contact us for more information, including questions about our use of data processors, cooperation with other data controllers, including subsidiaries, or the transfer of personal data to third countries, as well as to receive a copy of the documentation of the transfer basis.

 

6. Deletion and Retention of Personal Data

6.1 We ensure that personal data is deleted when they are no longer relevant for the processing purposes described above. We always retain personal data for the period required by applicable law, including for documentation of compliance with, among other things, the Accounting Act's provisions. For questions about retention and processing of personal data, please contact us at the email address provided in the last section of this Policy.

 

7. Your Rights

7.1 As a data subject, you have several rights:

7.1.1 You have the right to request access to the personal data we process about you, the purpose of the processing, and whether we disclose the personal data to others.

7.1.2 You have the right to have inaccurate personal data about you corrected.

7.1.3 In certain cases, you have the right to have some of your personal data deleted.

7.1.4 In certain cases, you have the right to restrict the processing of your personal data so that we only store them for a given period.

7.1.5 In certain cases, you have the right to object to our processing of your personal data, based on reasons and circumstances relating to your particular situation.

7.1.6 You have the right not to be subject to an automated decision without human intervention unless the decision is necessary for your employment with us, or the decision is made based on legal grounds or your explicit consent.

7.1.7 If we have obtained your consent for part of our processing of your personal data, you have the right to withdraw your consent at any time. If you choose to withdraw your consent, it does not affect the legality of the processing based on the consent before it was withdrawn.

7.1.8 In certain cases, you have the right to data portability of the personal data you have provided to us.

7.1.9 You can always file a complaint with the Data Protection Authority.

7.2 There may be conditions or limitations related to these rights. Therefore, it is not certain that you, for example, have the right to data portability in the specific case - this depends on the specific circumstances surrounding the processing activities.

7.3 You can find more information about your rights as a data subject on the Data Protection Authority's website.

7.4 Please use the contact information below if you want to exercise your rights.

7.5 We strive to accommodate your wishes regarding our processing of personal data, but you can always file a complaint with the Data Protection Authority.

 

8. Changes to This Policy

8.1 We reserve the right to update and change this Policy. If we change the Policy, we will change the date and version at the top of the document. We will notify you of significant changes through a visible message on our website, email, or other communication forms.

 

9. Contact Information

9.1 You are welcome to contact us at the email address provided below if you:

  • disagree with our processing or believe it violates applicable law,
  • have questions or comments on this Policy, or
  • wish to exercise one or more of your rights as a data subject.

For questions or comments on this Policy, or to exercise one or more rights, please contact us at GDPR@redia.dk.